I am using the cancan gem with Rails 3. I have the same login form for all roles. I have an admin section. The normal authentication checks whether the user is logged in or not, but does not check whether his role is admin or not.
So a normal user can see admin pages using the admin URL (myapp/com/admin/users). How do I authenticate?
Thanks Prasad
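
The gap described above (a login check with no role check on the admin section), as an added example that is not part of the original post. It is plain Ruby with no Rails or cancan gem: `User`, `Ability`, `AdminController`, the role names and `admin_page_result` are simplified stand-ins assumed for illustration, with `Ability` only imitating the `:manage` / `:all` rule style of a CanCan ability class.

```ruby
# Added example: stand-in classes, not the poster's code and not the gem itself.
User = Struct.new(:name, :role)        # role names "admin"/"member" are assumed

class AccessDenied < StandardError; end

# Rules are derived from the user's role, in the style of a CanCan Ability class.
class Ability
  def initialize(user)
    @rules = []
    return if user.nil?                              # guest: no rules at all
    @rules << [:manage, :all] if user.role == "admin"
    @rules << [:read, :own_profile]                  # any signed-in user
  end

  # :manage matches every action and :all matches every subject.
  def can?(action, subject)
    @rules.any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end
end

# Stand-in for a controller under /admin with two "before filter" steps.
class AdminController
  def initialize(current_user, check_role: true)
    @current_user = current_user
    @check_role = check_role
  end

  def index
    authenticate!                      # step 1: is anyone logged in?
    authorize_admin! if @check_role    # step 2: may this user be here?
    "admin user list"
  end

  private

  def authenticate!
    raise AccessDenied, "login required" if @current_user.nil?
  end

  def authorize_admin!
    allowed = Ability.new(@current_user).can?(:manage, :admin_section)
    raise AccessDenied, "admin role required" unless allowed
  end
end

# check_role: false reproduces the situation in the question (login check only).
def admin_page_result(user, check_role: true)
  AdminController.new(user, check_role: check_role).index
rescue AccessDenied => e
  "denied: #{e.message}"
end
```

The role check has to run on the server for every admin action, since a shared login form only proves who the user is, not what they may access.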